Okta Access Token - SpringBoot

Hi Team,

I am working on a POC and following the Spring Boot Okta documents.

I am able to generate the access token from /default/v1/token.

While validating on https://www.jwt.io/, I get a successful validation, and updating the last character in the access token from A-Z also works for some of them.

Example: access token ending with QUmueAPokhdkfAHfXOEuQgG6vTywh6q2q7WITRX0GUnESEfOcHnUAj0Vc6D4cGO7ZiYqZ32ROMNFpQ

If I update the last character from Q to P, Q to R, or Q to Z, the token is still valid. May I know why this is happening? If I make any update in the middle, an error message comes up.

There was a similar question asked in the Auth0 Community: Altered JWT Still Validates - Auth0 Community

More details are available in the README for the jjwt library:

And there’s also this longer form article that explains why this happens: Decoding the JWT Anomaly: When Changing a Token’s Last Character Doesn’t Break Verification | by Markus Huber | Medium
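
The base64url behaviour behind this thread, as an added example that is not part of the original posts and is not Okta or jjwt code. It assumes a 256-byte signature (as RS256 with a 2048-bit key produces); the signature bytes are constructed, and the helper names are hypothetical.

```python
import base64

ALPHABET = ("ABCDEFGHIJKLMNOPQRSTUVWXYZ"
            "abcdefghijklmnopqrstuvwxyz0123456789-_")

def b64url_decode(seg: str) -> bytes:
    """Lenient decode, as many JWT libraries do: re-pad, ignore spare bits."""
    if len(seg) % 4 == 1:
        raise ValueError("impossible base64url length")
    return base64.urlsafe_b64decode(seg + "=" * (-len(seg) % 4))

def spare_bits(seg: str) -> int:
    """Bits in the final character that belong to no output byte."""
    return (len(seg) * 6) % 8

def equivalent_last_chars(seg: str) -> str:
    """All final characters that decode to the same bytes as seg."""
    spare = spare_bits(seg)
    base = ALPHABET.index(seg[-1]) >> spare << spare
    return ALPHABET[base:base + (1 << spare)]

def is_canonical(seg: str) -> bool:
    """Strict check: the segment must equal the re-encoding of its bytes."""
    canonical = base64.urlsafe_b64encode(b64url_decode(seg)).rstrip(b"=")
    return canonical.decode("ascii") == seg

# Constructed 256-byte stand-in for an RS256 signature (not a real token).
SIG = bytes(range(255)) + b"\x05"
SEG = base64.urlsafe_b64encode(SIG).rstrip(b"=").decode("ascii")

if __name__ == "__main__":
    # 342 characters carry 2052 bits, but 256 bytes need only 2048.
    print(len(SEG), SEG[-2:], spare_bits(SEG))
    print(equivalent_last_chars(SEG))
    for ch in "RZ":
        alt = SEG[:-1] + ch
        print(ch, b64url_decode(alt) == SIG, is_canonical(alt))
    # Every bit of a middle character is used, so any change alters the bytes.
    mid = SEG[:100] + ("A" if SEG[100] != "A" else "B") + SEG[101:]
    print("mid", b64url_decode(mid) == SIG)
```

The altered endings decode to the same signature bytes, so the signature being verified is unchanged; a verifier that wants exactly one accepted string per token can apply a check like is_canonical to each segment before verification.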